FreeBSD : phpmyfaq -- multiple vulnerabilities (cbfc1591-c8c0-11ee-b45a-589cfc0f81b0)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the cbfc1591-c8c0-11ee-b45a-589cfc0f81b0 advisory. phpMyFAQ team reports: phpMyFAQ doesn't implement sufficient checks to avoid XSS when ...
6.7AI Score
[SECURITY] [DSA 5624-1] edk2 security update
Debian Security Advisory DSA-5624-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff February 14, 2024 https://www.debian.org/security/faq Package : edk2 CVE ID : CVE-2023-48733 Mate Kukri discovered...
8.8CVSS
6.8AI Score
0.0004EPSS
[SECURITY] [DSA 5623-1] postgresql-15 security update
Debian Security Advisory DSA-5623-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff February 14, 2024 https://www.debian.org/security/faq Package : postgresql-15 CVE ID : CVE-2024-0985 It was...
8CVSS
7.6AI Score
0.001EPSS
[SECURITY] [DSA 5622-1] postgresql-13 security update
Debian Security Advisory DSA-5622-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff February 14, 2024 https://www.debian.org/security/faq Package : postgresql-13 CVE ID : CVE-2024-0985 It was...
8CVSS
7.7AI Score
0.001EPSS
[SECURITY] [DSA 5621-1] bind9 security update
Debian Security Advisory DSA-5621-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff February 14, 2024 https://www.debian.org/security/faq Package : bind9 CVE ID : CVE-2023-4408 CVE-2023-5517...
7.5CVSS
7.5AI Score
0.001EPSS
[SECURITY] [DSA 5620-1] unbound security update
Debian Security Advisory DSA-5620-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso February 14, 2024 https://www.debian.org/security/faq Package : unbound CVE ID : CVE-2023-50387 CVE-2023-50868...
7.5CVSS
7.5AI Score
0.0005EPSS
RansomHouse am See By Pham Duy Phuc, Max Kersten in collaboration with Noël Keijzer and Michaël Schrijver from Northwave · February 14, 2024 Ransom gangs make big bucks by extorting victims, which sadly isn’t new. Their lucrative business allows them not only to live off the stolen money, but also....
8AI Score
Microsoft is addressing 73 vulnerabilities this February 2024 Patch Tuesday, including two (actually, three!) zero-day/exploited-in-the-wild vulnerabilities, both of which are already included on the CISA KEV list. Today also brings patches for two critical remote code execution (RCE)...
9.8CVSS
10AI Score
0.643EPSS
Microsoft Security Advisory CVE-2024-21386: .NET Denial of Service Vulnerability
Microsoft Security Advisory CVE-2024-21386: .NET Denial of Service Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET 6.0, ASP.NET 7.0 and, ASP.NET 8.0 . This advisory also provides guidance on what developers can...
7.5AI Score
0.001EPSS
Description of the security update for Office 2016: February 13, 2024 (KB5002519)
Description of the security update for Office 2016: February 13, 2024 (KB5002519) Summary This security update resolves a Microsoft Outlook remote code execution vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2024-21413. Note: To apply.....
9.7AI Score
0.009EPSS
Description of the security update for Skype for Business 2016: February 13, 2024 (KB5002181)
Description of the security update for Skype for Business 2016: February 13, 2024 (KB5002181) Summary This security update resolves a Microsoft Office remote code execution vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2024-20673....
8AI Score
0.001EPSS
Description of the security update for Office 2016: February 13, 2024 (KB5002467)
Description of the security update for Office 2016: February 13, 2024 (KB5002467) Summary This security update resolves a Microsoft Office remote code execution vulnerability. To learn more about the vulnerability, see the following security advisories: Microsoft Common Vulnerabilities and...
9.2AI Score
0.009EPSS
Description of the security update for Excel 2016: February 13, 2024 (KB5002536)
Description of the security update for Excel 2016: February 13, 2024 (KB5002536) Summary This security update resolves a Microsoft Office remote code execution vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2024-20673. Note: To apply...
8AI Score
0.001EPSS
Description of the security update for Office 2016: February 13, 2024 (KB5002537)
Description of the security update for Office 2016: February 13, 2024 (KB5002537) Summary This security update resolves a Microsoft Office remote code execution vulnerability. To learn more about the vulnerability, see the following security advisories: Microsoft Common Vulnerabilities and...
9.2AI Score
0.009EPSS
Description of the security update for Office 2016: February 13, 2024 (KB5002522)
Description of the security update for Office 2016: February 13, 2024 (KB5002522) Summary This security update resolves a Microsoft Office remote code execution vulnerability. To learn more about the vulnerability, see the following security advisories: Microsoft Common Vulnerabilities and...
9.2AI Score
0.009EPSS
Description of the security update for Word 2016: February 13, 2024 (KB5002542)
Description of the security update for Word 2016: February 13, 2024 (KB5002542) Summary This security update resolves a Microsoft Word remote code execution vulnerability and Microsoft Office remote code execution vulnerability. To learn more about the vulnerabilities, see the following security...
8AI Score
0.001EPSS
Description of the security update for Office 2016: February 13, 2024 (KB5002469)
Description of the security update for Office 2016: February 13, 2024 (KB5002469) Summary This security update resolves a Microsoft Office remote code execution vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2024-20673. Note: To apply...
8AI Score
0.001EPSS
Description of the security update for PowerPoint 2016: February 13, 2024 (KB5002495)
Description of the security update for PowerPoint 2016: February 13, 2024 (KB5002495) Summary This security update resolves a Microsoft Office remote code execution vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2024-20673. Note: To...
7.9AI Score
0.001EPSS
Description of the security update for Publisher 2016: February 13, 2024 (KB5002492)
Description of the security update for Publisher 2016: February 13, 2024 (KB5002492) Summary This security update resolves a Microsoft Office remote code execution vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2024-20673. Note: To...
8AI Score
0.001EPSS
Description of the security update for Visio 2016: February 13, 2024 (KB5002491)
Description of the security update for Visio 2016: February 13, 2024 (KB5002491) Summary This security update resolves a Microsoft Office remote code execution vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2024-20673. Note: To apply...
8AI Score
0.001EPSS
Description of the security update for Outlook 2016: February 13, 2024 (KB5002543)
Description of the security update for Outlook 2016: February 13, 2024 (KB5002543) Summary This security update resolves a Microsoft Outlook remote code execution vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2024-21378. Note: To apply....
8.2AI Score
0.001EPSS
KB5034868: Servicing stack update for Windows Server 2012: February 13, 2024
KB5034868: Servicing stack update for Windows Server 2012: February 13, 2024 REMINDER Windows Server 2012 reached end of support (EOS) on October 10, 2023. Extended Security Updates (ESUs) are available for purchase and will continue for three years, renewable on an annual basis, until the final...
6.8AI Score
Ransomware review: February 2024
This article is based on research by Marcelo Rivero, Malwarebytes' ransomware specialist, who monitors information published by ransomware gangs on their Dark Web sites. In this report, "known attacks" are those where the victim did not pay a ransom. This provides the best overall picture of...
7.1AI Score
[SECURITY] [DSA 5619-1] libgit2 security update
Debian Security Advisory DSA-5619-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff February 09, 2024 https://www.debian.org/security/faq Package : libgit2 CVE ID : CVE-2024-24577 CVE-2024-24575 Two...
9.8CVSS
7.3AI Score
0.004EPSS
pqc_kyber KyberSlash: division timings depending on secrets
Various Kyber software libraries in various environments leak secret information into timing, specifically because these libraries include a line of code that divides a secret numerator by a public denominator, the number of CPU cycles for division in various environments varies depending on the...
7AI Score
Ransomware in 2023 recap: 5 key takeaways
This article is based on research by Marcelo Rivero, Malwarebytes’ ransomware specialist, who monitors information published by ransomware gangs on their Dark Web sites. In this report, “known attacks” are those where the victim did not pay a ransom. This provides the best overall picture of...
7.3AI Score
[SECURITY] [DSA 5618-1] webkit2gtk security update
Debian Security Advisory DSA-5618-1 security@debian.org https://www.debian.org/security/ Alberto Garcia February 08, 2024 https://www.debian.org/security/faq Package : webkit2gtk CVE ID : CVE-2024-23206 CVE-2024-23213...
8.8CVSS
7.7AI Score
0.001EPSS
A Kickoff Discussion on Core Aspects of Avro & Protobuf When deliberating on the subject of data structure encoding, a tandem of tools frequently emerges in technical discussions: Avro and Protobuf. Originating from a vision of precise data compression, the distinguishable features and...
6.9AI Score
[SECURITY] [DSA 5617-1] chromium security update
Debian Security Advisory DSA-5617-1 security@debian.org https://www.debian.org/security/ Andres Salomon February 08, 2024 https://www.debian.org/security/faq Package : chromium CVE ID : CVE-2024-1283 CVE-2024-1284...
9.8CVSS
7.8AI Score
0.001EPSS
7AI Score
0.001EPSS
[SECURITY] [DSA 5616-1] ruby-sanitize security update
Debian Security Advisory DSA-5616-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff February 05, 2024 https://www.debian.org/security/faq Package : ruby-sanitize CVE ID : CVE-2023-36823 It was...
6.1CVSS
6.6AI Score
0.001EPSS
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Unsafe echo of filename in phpMyFAQ\phpmyfaq\admin\attachments.php leads to allowed execution of JavaScript code in client side (XSS). This vulnerability has been patched in version...
7.1AI Score
0.001EPSS
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Unsafe echo of filename in phpMyFAQ\phpmyfaq\admin\attachments.php leads to allowed execution of JavaScript code in client side (XSS). This vulnerability has been patched in version...
6.1CVSS
7.4AI Score
0.001EPSS
phpMyFAQ is an Open Source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The 'sharing FAQ' functionality allows any unauthenticated actor to misuse the phpMyFAQ application to send arbitrary emails to a large range of targets. The phpMyFAQ application has a...
7.1AI Score
0.0005EPSS
phpMyFAQ is an Open Source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The 'sharing FAQ' functionality allows any unauthenticated actor to misuse the phpMyFAQ application to send arbitrary emails to a large range of targets. The phpMyFAQ application has a...
6.5CVSS
7.4AI Score
0.0005EPSS
CVE-2024-24574 phpMyFAQ vulnerable to stored XSS on attachments filename
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Unsafe echo of filename in phpMyFAQ\phpmyfaq\admin\attachments.php leads to allowed execution of JavaScript code in client side (XSS). This vulnerability has been patched in version...
7AI Score
0.001EPSS
CVE-2024-22208 phpMyFAQ sharing FAQ functionality can easily be abused for phishing purposes
phpMyFAQ is an Open Source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The 'sharing FAQ' functionality allows any unauthenticated actor to misuse the phpMyFAQ application to send arbitrary emails to a large range of targets. The phpMyFAQ application has a...
7AI Score
0.0005EPSS
phpMyFAQ sharing FAQ functionality can easily be abused for phishing purposes
Summary The 'sharing FAQ' functionality allows any unauthenticated actor to misuse the phpMyFAQ application to send arbitrary emails to a large range of targets. Details The phpMyFAQ application has a functionality where anyone can share a FAQ item to others. The front-end of this functionality...
7.3AI Score
0.0005EPSS
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. phpMyFAQ's user removal page allows an attacker to spoof another user's detail, and in turn make a compelling phishing case for removing another user's account. The front-end of this page doesn't....
6.5CVSS
7.1AI Score
0.0005EPSS
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. phpMyFAQ's user removal page allows an attacker to spoof another user's detail, and in turn make a compelling phishing case for removing another user's account. The front-end of this page doesn't....
6.8AI Score
0.0005EPSS
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. phpMyFAQ's user removal page allows an attacker to spoof another user's detail, and in turn make a compelling phishing case for removing another user's account. The front-end of this page doesn't....
6.5CVSS
7AI Score
0.0005EPSS
CVE-2024-22202 User Removal Page Allows Spoofing Of User Details
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. phpMyFAQ's user removal page allows an attacker to spoof another user's detail, and in turn make a compelling phishing case for removing another user's account. The front-end of this page doesn't....
6.7AI Score
0.0005EPSS
phpmyfaq -- multiple vulnerabilities
phpMyFAQ team reports: phpMyFAQ doesn't implement sufficient checks to avoid XSS when storing on attachments filenames. The 'sharing FAQ' functionality allows any unauthenticated actor to misuse the phpMyFAQ application to send arbitrary emails to a large range of targets....
6.6AI Score
[SECURITY] [DSA 5615-1] runc security update
Debian Security Advisory DSA-5615-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff February 04, 2024 https://www.debian.org/security/faq Package : runc CVE ID : CVE-2024-21626 It was discovered...
8.6CVSS
6.9AI Score
0.051EPSS
[SECURITY] [DSA 5614-1] zbar security update
Debian Security Advisory DSA-5614-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso February 03, 2024 https://www.debian.org/security/faq Package : zbar CVE ID : CVE-2023-40889 CVE-2023-40890 Debian...
9.8CVSS
8.1AI Score
0.001EPSS